Re: [Gnumed-devel] Hosting an encrypted pythonic simplehttp GNUmed serv
From: Luke Kenneth Casson Leighton
Subject: Re: [Gnumed-devel] Hosting an encrypted pythonic simplehttp GNUmed server
Date: Sun, 1 Aug 2010 20:41:37 +0100

On Sun, Aug 1, 2010 at 6:56 PM, Jim Busser <address@hidden> wrote:
> On 2010-08-01, at 12:58 AM, Sebastian Hilbert wrote:
>
>> Now I understand where your one-time password quest comes from.
>
> Yes, certainly if practicality demands that you use non-owned machines to log
> in remotely with web browser. I like to hope that the hospital machines are
> only minimally infected but you cannot know that, for sure, either when it
> turns out any OS has vulnerabilities with exploits found in the wild.
>
> Luke already quickly looked into Yubikey
>
> e.g. http://www.yubico.com/files/YubiKey_in_Linux_Journal.pdf
>
> and figured likely it has to go in at the postgresql level, because it's
> postgresql that's doing the authentication, that means probably doing this as
> PAM, because postgresql can "hand off" to underlying unix.
>
> "many yubico server implementations _use_ postgresql as the back-end for
> storage of the OTP keys."
>
> greaaaat.

this was intended to be sarcastic, because as you can surmise, having
to potentially configure a postgres server which can take
non-yubico-based authentication from one source (in order to get at
the yubico keys for the purposes of the yubico server implementation
to actually like... work), and having to _also_ configure it so that
the exact same postgres server will accept yubico-authenticated users,
i just... the last time i had to deal with something like this was
with the NT Domains implementation for samba TNG, and it's nooot
funny.

but - it _was_ a very quick look, so i could be entirely wrong: it
may actually be the case that a yubico server isn't actually needed
when you use the yubico PAM plugin: i didn't look closely enough
to find out. it may be the case that you actually want *separate*
machines for the gnumed server and the yubico server (if in fact a
yubico server is needed at all) and two would neatly solve the problem
of having a truly dreadful postgresql configuration
etc. etc.

l.